Commit e5bc267

Merge branch 'main' into lcartey/add-cs-config-action
2 parents 382d4f3 + 09a2de8 commit e5bc267

483 files changed

+5379
-1259
lines changed

+49Lines changed: 49 additions & 0 deletions
@@ -0,0 +1,49 @@
1+
name: Check current actor permissions
2+
description: |
3+
Checks whether the current actor has the specified permssions
4+
inputs:
5+
minimum-permission:
6+
description: |
7+
The minimum required permission. One of: read, write, admin
8+
required: true
9+
outputs:
10+
has-permission:
11+
description: "Whether the actor had the minimum required permission"
12+
value: ${{ steps.check-permission.outputs.has-permission }}
13+
14+
runs:
15+
using: composite
16+
steps:
17+
- uses: actions/github-script@v7
18+
id: check-permission
19+
env:
20+
INPUT_MINIMUM-PERMISSION: ${{ inputs.minimum-permission }}
21+
with:
22+
script: |
23+
// Valid permissions are none, read, write, admin (legacy base permissions)
24+
const permissionsRanking = ["none", "read", "write", "admin"];
25+
26+
// Note: core.getInput doesn't work by default in a composite action - in this case
27+
// it would try to fetch the input to the github-script instead of the action
28+
// itself. Instead, we set the appropriate magic env var with the actions input.
29+
// See: https://github.com/actions/runner/issues/665
30+
const minimumPermission = core.getInput('minimum-permission');
31+
if (!permissionsRanking.includes(minimumPermission)) {
32+
core.setFailed(`Invalid minimum permission: ${minimumPermission}`);
33+
return;
34+
}
35+
36+
const { data : { permission : actorPermission } } = await github.rest.repos.getCollaboratorPermissionLevel({
37+
owner: context.repo.owner,
38+
repo: context.repo.repo,
39+
username: context.actor
40+
});
41+
42+
// Confirm whether the actor permission is at least the selected permission
43+
const hasPermission = permissionsRanking.indexOf(minimumPermission) <= permissionsRanking.indexOf(actorPermission) ? "1" : "";
44+
core.setOutput('has-permission', hasPermission);
45+
if (!hasPermission) {
46+
core.info(`Current actor (${context.actor}) does not have the minimum required permission '${minimumPermission}' (has '${actorPermission}')`);
47+
} else {
48+
core.info(`Current actor (${context.actor}) has the minimum required permission '${minimumPermission}' (has '${actorPermission}')`);
49+
}
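
Review bot: the `has-permission` output description on line 11 does not say how the result is encoded, while line 43 sets it to "1" or the empty string, and callers can only gate on it in an `if:` expression because the empty string is falsy. State that in the description so nobody later switches it to "true"/"false" (a non-empty "false" would pass the gate) or compares it against `'true'`. Two smaller points: `permssions` on line 3 is a typo, and line 24 accepts `none` as a valid `minimum-permission` although the input description on line 7 lists only read, write, admin; with `none` any actor passes, so either reject it or document it.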

‎.github/workflows/code-scanning-pack-gen.yml

+1-1Lines changed: 1 addition & 1 deletion
@@ -106,7 +106,7 @@ jobs:
106106
zip -r codeql-coding-standards/code-scanning-cpp-query-pack.zip codeql-coding-standards/c/ codeql-coding-standards/cpp/ codeql-coding-standards/.codeqlmanifest.json codeql-coding-standards/supported_codeql_configs.json codeql-coding-standards/scripts/configuration codeql-coding-standards/scripts/reports codeql-coding-standards/scripts/shared codeql-coding-standards/scripts/guideline_recategorization codeql-coding-standards/schemas
107107
108108
- name: Upload GHAS Query Pack
109-
uses: actions/upload-artifact@v2
109+
uses: actions/upload-artifact@v3
110110
with:
111111
name: code-scanning-cpp-query-pack.zip
112112
path: code-scanning-cpp-query-pack.zip
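
Review bot: line 109 moves `actions/upload-artifact` only to `@v3`, while other workflows in this commit (`codeql_unit_tests.yml`, `standard_library_upgrade_tests.yml`) go to `@v4`. Unless something that consumes this artifact still needs v3, use the same major version here so the repository is not left on two artifact versions; the same applies to the identical change in `generate-html-docs.yml`.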

‎.github/workflows/codeql_unit_tests.yml

+9-2Lines changed: 9 additions & 2 deletions
@@ -151,7 +151,7 @@ jobs:
151151
file.close()
152152
153153
- name: Upload test results
154-
uses: actions/upload-artifact@v3
154+
uses: actions/upload-artifact@v4
155155
with:
156156
name: ${{ matrix.language }}-test-results-${{ runner.os }}-${{ matrix.codeql_cli }}-${{ matrix.codeql_standard_library_ident }}
157157
path: |
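
Review bot: with `actions/upload-artifact@v4` on line 154 an artifact name can be uploaded only once per workflow run, so the name on line 156 has to be unique for every matrix entry. It is built from `matrix.language`, `runner.os`, `matrix.codeql_cli` and `matrix.codeql_standard_library_ident`; if the matrix has any further dimension, two jobs will collide and the second upload will fail, so please confirm there is no other axis or add it to the name.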
@@ -160,11 +160,18 @@ jobs:
160160

161161
validate-test-results:
162162
name: Validate test results
163+
if: ${{ always() }}
163164
needs: run-test-suites
164165
runs-on: ubuntu-22.04
165166
steps:
167+
- name: Check if run-test-suites job failed to complete, if so fail
168+
if: ${{ needs.run-test-suites.result == 'failure' }}
169+
uses: actions/github-script@v3
170+
with:
171+
script: |
172+
core.setFailed('Test run job failed')
166173
- name: Collect test results
167-
uses: actions/download-artifact@v3
174+
uses: actions/download-artifact@v4
168175

169176
- name: Validate test results
170177
run: |
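
Review bot: the guard on line 168 only tests `needs.run-test-suites.result == 'failure'`, but with `if: ${{ always() }}` on line 163 this job now also runs when `run-test-suites` was cancelled or skipped, and in those cases it goes on to validate whatever artifacts happen to exist. Consider `needs.run-test-suites.result != 'success'` so that anything short of a complete run fails here. The new step also uses `actions/github-script@v3`, while the composite action added in this commit uses `@v7`; a plain `run: exit 1` would avoid the extra action altogether.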

‎.github/workflows/dispatch-matrix-check.yml

-37Lines changed: 0 additions & 37 deletions
This file was deleted.

‎.github/workflows/dispatch-matrix-test-on-comment.yml

+29-23Lines changed: 29 additions & 23 deletions
@@ -3,39 +3,45 @@ name: 🤖 Run Matrix Check (On Comment)
33
on:
44
issue_comment:
55
types: [created]
6-
branches:
7-
- main
8-
- "rc/**"
9-
- next
106

117
jobs:
128
dispatch-matrix-check:
139
runs-on: ubuntu-22.04
1410
steps:
15-
- name: Test Variables
16-
shell: pwsh
17-
run: |
18-
Write-Host "Running as: ${{github.actor}}"
19-
20-
$actor = "${{github.actor}}"
21-
22-
$acl = @("mbaluda", "lcartey", "rvermeulen", "ravikprasad", "jeongsoolee09", "hohn", "knewbury01", "nicolaswill")
11+
- name: Checkout repository
12+
uses: actions/checkout@v4
2313

24-
if(-not ($actor -in $acl)){
25-
throw "Refusing to run workflow for user not in acl."
26-
}
14+
- name: Check permission
15+
id: check-write-permission
16+
uses: ./.github/actions/check-permissions
17+
with:
18+
minimum-permission: "write"
2719

28-
- name: Dispatch Matrix Testing Job
29-
if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-matrix') }}
30-
uses: peter-evans/repository-dispatch@v2
20+
- name: Generate token
21+
id: generate-token
22+
uses: actions/create-github-app-token@v1
3123
with:
32-
token: ${{ secrets.RELEASE_ENGINEERING_TOKEN }}
33-
repository: github/codeql-coding-standards-release-engineering
34-
event-type: matrix-test
35-
client-payload: '{"pr": "${{ github.event.issue.number }}"}'
24+
app-id: ${{ vars.AUTOMATION_APP_ID }}
25+
private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
26+
owner: ${{ github.repository_owner }}
27+
repositories: "codeql-coding-standards-release-engineering"
28+
29+
- name: Invoke matrix testing job
30+
if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-matrix') && steps.check-write-permission.outputs.has-permission }}
31+
env:
32+
ISSUE_NR: ${{ github.event.issue.number }}
33+
GH_TOKEN: ${{ steps.generate-token.outputs.token }}
34+
run: |
35+
jq -n \
36+
--arg issue_nr "$ISSUE_NR" \
37+
'{"issue-nr": $issue_nr}' \
38+
| \
39+
gh workflow run pr-compiler-validation.yml \
40+
--json \
41+
-R github/codeql-coding-standards-release-engineering
3642
3743
- uses: actions/github-script@v6
38-
if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-matrix') }}
44+
if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-matrix') && steps.check-write-permission.outputs.has-permission }}
3945
with:
4046
script: |
4147
github.rest.issues.createComment({
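
Review bot: the `Generate token` step (lines 20-27) has no `if:`, so an installation token for `codeql-coding-standards-release-engineering` is created from `AUTOMATION_PRIVATE_KEY` on every issue comment, including comments from actors who fail the permission check and comments that do not contain `/test-matrix`. Put the same condition used on line 30 on this step so the credential is only minted when it will be used. It would also help to make the `Check permission` step conditional on the comment containing the command, which saves an API call for every unrelated comment.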

‎.github/workflows/dispatch-release-performance-check.yml

+29-23Lines changed: 29 additions & 23 deletions
@@ -3,39 +3,45 @@ name: 🏁 Run Release Performance Check
33
on:
44
issue_comment:
55
types: [created]
6-
branches:
7-
- main
8-
- "rc/**"
9-
- next
106

117
jobs:
128
dispatch-matrix-check:
139
runs-on: ubuntu-22.04
1410
steps:
15-
- name: Test Variables
16-
shell: pwsh
17-
run: |
18-
Write-Host "Running as: ${{github.actor}}"
19-
20-
$actor = "${{github.actor}}"
21-
22-
$acl = @("mbaluda", "lcartey", "rvermeulen", "ravikprasad", "jeongsoolee09", "hohn", "knewbury01", "nicolaswill")
11+
- name: Checkout repository
12+
uses: actions/checkout@v4
2313

24-
if(-not ($actor -in $acl)){
25-
throw "Refusing to run workflow for user not in acl."
26-
}
14+
- name: Check permission
15+
id: check-write-permission
16+
uses: ./.github/actions/check-permissions
17+
with:
18+
minimum-permission: "write"
2719

28-
- name: Dispatch Performance Testing Job
29-
if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-performance') }}
30-
uses: peter-evans/repository-dispatch@v2
20+
- name: Generate token
21+
id: generate-token
22+
uses: actions/create-github-app-token@v1
3123
with:
32-
token: ${{ secrets.RELEASE_ENGINEERING_TOKEN }}
33-
repository: github/codeql-coding-standards-release-engineering
34-
event-type: performance-test
35-
client-payload: '{"pr": "${{ github.event.issue.number }}"}'
24+
app-id: ${{ vars.AUTOMATION_APP_ID }}
25+
private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
26+
owner: ${{ github.repository_owner }}
27+
repositories: "codeql-coding-standards-release-engineering"
28+
29+
- name: Invoke performance test
30+
if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-performance') && steps.check-write-permission.outputs.has-permission }}
31+
env:
32+
ISSUE_NR: ${{ github.event.issue.number }}
33+
GH_TOKEN: ${{ steps.generate-token.outputs.token }}
34+
run: |
35+
jq -n \
36+
--arg issue_nr "$ISSUE_NR" \
37+
'{"issue-nr": $issue_nr}' \
38+
| \
39+
gh workflow run pr-performance-testing.yml \
40+
--json \
41+
-R github/codeql-coding-standards-release-engineering
3642
3743
- uses: actions/github-script@v6
38-
if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-performance') }}
44+
if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-performance') && steps.check-write-permission.outputs.has-permission }}
3945
with:
4046
script: |
4147
github.rest.issues.createComment({
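
Review bot: the job id on line 8 is still `dispatch-matrix-check` although this workflow dispatches `pr-performance-testing.yml`; rename it (for example `dispatch-performance-check`) so run logs and any `needs:` references are not misleading. `Generate token` on lines 20-27 also runs without an `if:` and should carry the condition from line 30. When `has-permission` is empty both gated steps are skipped, so a commenter without write access gets no reply on the pull request and the only trace is the `core.info` line in the action log.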

‎.github/workflows/finalize-release.yml

+1-1Lines changed: 1 addition & 1 deletion
@@ -103,7 +103,7 @@ jobs:
103103
- name: Generate token
104104
if: env.HOTFIX_RELEASE == 'false'
105105
id: generate-token
106-
uses: actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e
106+
uses: actions/create-github-app-token@v1
107107
with:
108108
app-id: ${{ vars.AUTOMATION_APP_ID }}
109109
private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
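
Review bot: line 106 replaces the full commit SHA pin `eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e` with the mutable tag `@v1` on an action that is handed `secrets.AUTOMATION_PRIVATE_KEY` (line 109). A tag can be moved to different code without any change in this repository. Keep a SHA pin and record the version in a trailing comment, the way this commit does for `peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5`; the same applies to the identical edits in `prepare-release.yml` and `update-release.yml`.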

‎.github/workflows/generate-html-docs.yml

+1-1Lines changed: 1 addition & 1 deletion
@@ -35,7 +35,7 @@ jobs:
3535
python scripts/documentation/generate_iso26262_docs.py coding-standards-html-docs
3636
3737
- name: Upload HTML documentation
38-
uses: actions/upload-artifact@v2
38+
uses: actions/upload-artifact@v3
3939
with:
4040
name: coding-standards-docs-${{ github.sha }}
4141
path: coding-standards-html-docs/

‎.github/workflows/prepare-release.yml

+1-1Lines changed: 1 addition & 1 deletion
@@ -143,7 +143,7 @@ jobs:
143143
144144
- name: Generate token
145145
id: generate-token
146-
uses: actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e
146+
uses: actions/create-github-app-token@v1
147147
with:
148148
app-id: ${{ vars.AUTOMATION_APP_ID }}
149149
private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}

‎.github/workflows/standard_library_upgrade_tests.yml

+2-2Lines changed: 2 additions & 2 deletions
@@ -143,7 +143,7 @@ jobs:
143143
}, test_summary_file)
144144
145145
- name: Upload test results
146-
uses: actions/upload-artifact@v2
146+
uses: actions/upload-artifact@v4
147147
with:
148148
name: test-results-${{runner.os}}-${{matrix.codeql_cli}}-${{matrix.codeql_standard_library_ident}}
149149
path: |
@@ -162,7 +162,7 @@ jobs:
162162
python-version: "3.9"
163163

164164
- name: Collect test results
165-
uses: actions/download-artifact@v2
165+
uses: actions/download-artifact@v4
166166

167167
- name: Validate test results
168168
shell: python

‎.github/workflows/update-release.yml

+1-1Lines changed: 1 addition & 1 deletion
@@ -43,7 +43,7 @@ jobs:
4343

4444
- name: Generate token
4545
id: generate-token
46-
uses: actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e
46+
uses: actions/create-github-app-token@v1
4747
with:
4848
app-id: ${{ vars.AUTOMATION_APP_ID }}
4949
private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}

‎.github/workflows/upgrade_codeql_dependencies.yml

+26-16Lines changed: 26 additions & 16 deletions
@@ -18,10 +18,20 @@ jobs:
1818
runs-on: ubuntu-22.04
1919
steps:
2020
- name: Checkout
21-
uses: actions/checkout@v2
21+
uses: actions/checkout@v4
22+
23+
- name: Fetch CodeQL
24+
env:
25+
GITHUB_TOKEN: ${{ github.token }}
26+
RUNNER_TEMP: ${{ runner.temp }}
27+
run: |
28+
cd $RUNNER_TEMP
29+
gh release download "v${CODEQL_CLI_VERSION}" --repo https://github.com/github/codeql-cli-binaries --pattern codeql-linux64.zip
30+
unzip -q codeql-linux64.zip
31+
echo "$RUNNER_TEMP/codeql/" >> $GITHUB_PATH
2232
2333
- name: Install Python
24-
uses: actions/setup-python@v4
34+
uses: actions/setup-python@v5
2535
with:
2636
python-version: "3.9"
2737

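
Review bot: line 29 expands `CODEQL_CLI_VERSION`, but the step's `env:` block (lines 24-26) defines only `GITHUB_TOKEN` and `RUNNER_TEMP`. Now that the step runs before `Install Python`, confirm the variable is set at workflow or job level rather than exported by a step that this one has moved ahead of. Please also quote the expansions (`cd "$RUNNER_TEMP"`, `>> "$GITHUB_PATH"`), and consider checking the archive against a known digest before line 30 unpacks it and line 31 puts it on `PATH` for the rest of the job.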
@@ -35,27 +45,27 @@ jobs:
3545
run: |
3646
python3 scripts/upgrade-codeql-dependencies/upgrade-codeql-dependencies.py --cli-version "$CODEQL_CLI_VERSION"
3747
38-
- name: Fetch CodeQL
39-
env:
40-
GITHUB_TOKEN: ${{ github.token }}
41-
RUNNER_TEMP: ${{ runner.temp }}
42-
run: |
43-
cd $RUNNER_TEMP
44-
gh release download "v${CODEQL_CLI_VERSION}" --repo https://github.com/github/codeql-cli-binaries --pattern codeql-linux64.zip
45-
unzip -q codeql-linux64.zip
46-
4748
- name: Update CodeQL formatting based on new CLI version
4849
env:
4950
RUNNER_TEMP: ${{ runner.temp }}
5051
run: |
51-
find cpp \( -name '*.ql' -or -name '*.qll' \) -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" $RUNNER_TEMP/codeql/codeql query format --in-place
52-
find c \( -name '*.ql' -or -name '*.qll' \) -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" $RUNNER_TEMP/codeql/codeql query format --in-place
52+
find cpp \( -name '*.ql' -or -name '*.qll' \) -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" codeql query format --in-place
53+
find c \( -name '*.ql' -or -name '*.qll' \) -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" codeql query format --in-place
5354
5455
- name: Create Pull Request
55-
uses: peter-evans/create-pull-request@v3
56+
uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
5657
with:
57-
title: "Upgrading `github/codeql` dependency to ${{ github.event.inputs.codeql_cli_version }}"
58-
body: "This PR upgrades the CodeQL CLI version to ${{ github.event.inputs.codeql_cli_version }}."
58+
title: "Upgrade `github/codeql` dependency to ${{ github.event.inputs.codeql_cli_version }}"
59+
body: |
60+
This PR upgrades the CodeQL CLI version to ${{ github.event.inputs.codeql_cli_version }}.
61+
62+
## CodeQL dependency upgrade checklist:
63+
64+
- [ ] Confirm the code has been correctly reformatted according to the new CodeQL CLI.
65+
- [ ] Identify any CodeQL compiler warnings and errors, and update queries as required.
66+
- [ ] Validate that the `github/codeql` test cases succeed.
67+
- [ ] Address any CodeQL test failures in the `github/codeql-coding-standards` repository.
68+
- [ ] Validate performance vs pre-upgrade, using /test-performance
5969
commit-message: "Upgrading `github/codeql` dependency to ${{ github.event.inputs.codeql_cli_version }}"
6070
delete-branch: true
6171
branch: "codeql/upgrade-to-${{ github.event.inputs.codeql_cli_version }}"
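
Review bot: the formatting step still declares `RUNNER_TEMP` in its `env:` (line 50) although lines 52-53 no longer reference it; drop it, and note that these lines now depend on the `Fetch CodeQL` step having appended to `GITHUB_PATH`. The title on line 58 was changed to "Upgrade ..." but `commit-message` on line 69 still reads "Upgrading ...", so the PR title and its commit will differ. The last checklist item on line 68 should put `/test-performance` in backticks like the other code references in the list.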

‎.github/workflows/validate-package-files.yml

+7-1Lines changed: 7 additions & 1 deletion
@@ -56,4 +56,10 @@ jobs:
5656
find rule_packages/$LANGUAGE -name \*.json -exec basename {} .json \; | xargs python scripts/generate_rules/generate_package_files.py $LANGUAGE
5757
git diff
5858
git diff --compact-summary
59-
git diff --quiet
59+
git diff --quiet
60+
61+
- name: Validate Amendments
62+
env:
63+
LANGUAGE: ${{ matrix.language }}
64+
run: |
65+
python scripts/validate-amendments-csv.py $LANGUAGE
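
Review bot: line 65 passes `$LANGUAGE` unquoted; write `"$LANGUAGE"` so the argument is not word-split or globbed. Line 59 shows `git diff --quiet` removed and re-added with identical text, which looks like a trailing-newline change only; worth confirming nothing else was intended there.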
